Yahoo Inc (YHOO.O) released a statement on Thursday confirming that in what appeared to be the world’s biggest cyber crime, at least 500 million user accounts were hacked in 2014. Given the magnitude of the theft, Yahoo believes that the hack was state sponsored.
While the statement has alarmed Yahoo and users of other web-based services alike across the globe, a little respite comes from the fact that some of the most valuable user data, including unprotected passwords, payment card data and bank account information was not compromised. However, such information such as names, dates of birth, telephone numbers, e-mail addresses and encrypted passwords were stolen.
While this is touted to be the biggest data breach in history, there remain many unanswered questions that make the actual impact of the cyber attack on the users unclear.
While the cyber attack occurred almost two years ago in 2014, Yahoo only found out about it after investigation for another possible data incursion came to light. It is reported that while the pretext for the initial security breach turned out to be false, however, Yahoo’s investigation returned with the 2014 theft.
In the statement issued by the organization in wake of the Yahoo hack, all users were urged to change their passwords and security questions and answers not only for their Yahoo accounts but also for other accounts on which they used the same or similar credentials as those used for their Yahoo Account. The statement also asked the users to review their accounts for suspicious activity and exercise caution in any unsolicited communication that asked for the users’ personal information or referred them to a web page that prompted the to provide personal information.
On its part, Yahoo is notifying affected users and asking them to make use of alternate means of account verification. Yahoo has also invalidated unencrypted security questions and answers so that they cannot be used to breach user accounts. “We continue to enhance our systems that detect and prevent unauthorized access to user accounts. Our investigation into this matter continues,” read the official statement.
The Yahoo Hack comes in the wake of an increasing trend of mega-scale cyber thefts that have raised serious concerns regarding the commitment of the US companies and the government in ensuring cyber security.